Foundations of Network and Computer Security
Announcements
Our Attempted Protocol from Last Time
Second Stab (cont)
How do we Solve this Problem?
Certificates: Basic Idea
New Protocol
SSH (A Different Model)
SSH: Typical Solution
Key Fingerprints
X.509 Certificates
Project #1
What does secret key look like?
OpenSSL RSA Private Key
But Notice no Password!
What does key look like now?
CSR: Certificate Request
Creating a CSR
Viewing a CSR
CSRs
Sample Certificate
Viewing a Certificate
What have we Accomplished?
CA’s Verification Key is a Cert!
Martin’s Root Cert
How to Distribute the Root Cert?
Distributing the Root Cert
Root Cert Fingerprint
Overall Idea of the Project
Sample Message from A to B

Foundations of Network and Computer Security
John Black
Lecture #13
Oct 11th 2005
CSCI 6268/TLEN 5831, Fall 2005

Announcements
• Quiz #2 later today
  – Allocate last 30 mins
• No Class on Thurs
  – No OH on Thurs
  – Fall Break
• Project #0 Due Oct 18th
  – One week from today

Our Attempted Protocol from Last Time
• C says Hello
• S sends pkS to C
• C generates two 128-bit session keys
  – Kenc, Kmac, used for encryption and MACing
• C encrypts (Kenc, Kmac) with pkS and sends to S
• S recovers (Kenc, Kmac) using skS and both parties use these “session keys” to encrypt and MAC all further communication

Second Stab (cont)
• Problems?
  – Good news: we’re a lot more efficient now since most crypto is done with symmetric key
  – Good news: we’re doing some authentication now
  – Bad news: Man-in-the-Middle attack still possible
  – Frustratingly close
    • If we could get pkS to the client, we’d be happy

How do we Solve this Problem?
• Idea:
  – Embed pkS in the browser
    • A cannot impersonate S if the public key of S is already held by C
• Problems:
  – Scalability (100,000 public keys in your browser?)
  – Key freshening (if a key got compromised and it were already embedded in your browser, how would S update?)
  – New keys (how do you get new keys? A new browser?)
  – Your crypto is only as reliable as the state of your browser (what if someone gets you to install a bogus browser?)
• (Partial) Solution: Certificates

Certificates: Basic Idea
• Enter the “Certification Authority” (CA)
  – Some trusted entity who signs S’s public key
    • Well-known ones are Verisign, RSA
    • Let’s assume the entity is called “CA”
    • CA generates keys vkCA and skCA
    • CA signs pkS using skCA
    • CA’s vkCA is embedded in all browsers
  – Same problem with corrupted browsers as before, but the scaling problem is gone

New Protocol
• C sends Hello
• S sends pkS and the signature of CA on pkS
  – These two objects together are called a “certificate”
• C verifies signature using vkCA which is built in to his browser
• C generates (Kenc, Kmac), encrypts with pkS and sends to S
• S decrypts (Kenc, Kmac) with skS
• Session proceeds with symmetric cryptography

SSH (A Different Model)
• SSH (Secure SHell)
  – Replacement for telnet
  – Allows secure remote logins
• Different model
  – Too many hosts and too many clients
  – How to distribute pk of host?
  – Can be done physically
  – Can pay a CA to sign your keys (not likely)
  – Can run your own CA
    • More reasonable, but still we have a bootstrapping problem

SSH: Typical Solution
• The most common “solution” is to accept initial exposure
  – When you connect to a host for the first time you get a warning:
    • “Warning: host key xxxxxx with fingerprint xx:xx:xx is not in the .ssh_hosts file; do you wish to continue? Saying yes may allow a man-in-the-middle attack.” (Or something like that)
    • You take a risk by saying “yes”
    • If the host key changes on your host and you didn’t expect that to happen, you will get a similar warning
  – And you should be suspicious

Key Fingerprints
• The key fingerprint we just saw was a hash of the public key
  – Can use this when you’re on the road to verify that it’s the key you expect
    • Write down the fingerprint on a small card and check it
    • When you log in from a foreign computer, verify the fingerprint
  – Always a risk to log in from foreign computers!

X.509 Certificates
• X.509 is a format for a certificate
  – It contains a public key (for us, at least), email address, and other information
  – In order to be valid, it must be signed by the CA
  – In this class, our grader, Martin, will be the CA

Project #1
• The next phase of the project
  – Won’t be assigned for a while, but here is a heads-up
  – You will generate an RSA pk,sk pair using OpenSSL (genrsa command)
    • Your private key should be password protected
    • PEM stands for “Privacy Enhanced Mail” and is the default format used by OpenSSL

% openssl genrsa -out john-priv.pem 1024
Generating RSA private key, 1024 bit long modulus
..........++++++
.++++++
e is 65537 (0x10001)

What does secret key look like?

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

(Not very useful, is it?)

OpenSSL RSA Private Key

% openssl rsa -in john-priv.pem -text -noout
Private-Key: (1024 bit)
modulus:
    00:a3:8d:60:56:df:75:52:50:62:fb:6b:09:3a:2e:
    e4:46:4e:e3:e2:d2:fe:c5:43:52:71:5a:47:ed:26:
    . . .
    63:29:27:38:bf:df:cc:cd:0b
publicExponent: 65537 (0x10001)
privateExponent:
    7f:09:7c:50:5e:27:c9:f5:28:bd:33:29:aa:a8:eb:
    a4:f4:f8:2b:a2:4a:44:3d:03:97:8a:51:9e:12:29:
    . . .
    19:7f:28:b4:ff:70:f8:99
prime1:
    00:d9:12:85:e4:c5:6f:23:7a:19:7c:34:81:1a:20:
    ac:80:ae:9a:0d:24:a8:ca:9d:43:06:7a:26:a1:02:
    . . .
    0c:8f:a5:8d:9f
prime2: …
exponent1: …
exponent2: …
coefficient: …

Challenge Problem #2: Figure out what these are!

But Notice no Password!
• Shouldn’t leave your private key lying around without password protection; let’s fix this

% openssl genrsa -aes128 -out john-priv.pem
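
The exchange on the “New Protocol” slide, as an added Python example that is not part of the lecture or of OpenSSL: the client accepts pkS only when the CA's signature on it verifies under the built-in vkCA, so a man-in-the-middle who swaps in his own key is rejected. It assumes textbook RSA without padding over constructed toy keys (Mersenne primes), and all function names are hypothetical.

```python
# Added illustration of the certificate protocol; not course or OpenSSL code.
# Textbook RSA (no padding) over well-known Mersenne primes: toy keys only.
import hashlib
import secrets

E = 65537

def keygen(p, q):
    """Return ((n, e), (n, d)) for the constructed primes p and q."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(pk, n):
    """Hash a public key (n, e) to an integer below the signer's modulus."""
    data = f"{pk[0]}:{pk[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def ca_sign(sk_ca, pk):
    """CA signs pk with skCA; (pk, signature) is the certificate."""
    n, d = sk_ca
    return pow(digest(pk, n), d, n)

def verify_cert(vk_ca, cert):
    """Client check: does the signature on pk verify under vkCA?"""
    pk, sig = cert
    n, e = vk_ca
    return pow(sig, e, n) == digest(pk, n)

def client_send_keys(vk_ca, cert):
    """Return (ciphertext, keys), or None when the certificate is rejected."""
    if not verify_cert(vk_ca, cert):
        return None
    n, e = cert[0]
    keys = secrets.randbits(256)  # Kenc || Kmac, two 128-bit session keys
    return pow(keys, e, n), keys

def server_recover(sk_s, ciphertext):
    """S decrypts (Kenc, Kmac) with skS."""
    n, d = sk_s
    return pow(ciphertext, d, n)

# Constructed keys: CA, server S, and a man-in-the-middle A.
vk_ca, sk_ca = keygen(2**521 - 1, 2**607 - 1)
pk_s, sk_s = keygen(2**127 - 1, 2**1279 - 1)
pk_a, sk_a = keygen(2**89 - 1, 2**107 - 1)

cert_s = (pk_s, ca_sign(sk_ca, pk_s))  # what S sends after Hello
forged = (pk_a, cert_s[1])             # A swaps in pkA, reuses CA's signature
```
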
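
The fingerprint check from the “SSH: Typical Solution” and “Key Fingerprints” slides, as an added Python example that is not part of the lecture: it hashes an SSH public key blob into the colon-separated form shown in the warning and applies the accept-on-first-use rule, flagging a host whose key later changes. The key lines are built from constructed numbers, the function names are hypothetical, and MD5 is used only because it produces the xx:xx:xx display form (current OpenSSH shows SHA256 fingerprints by default).

```python
# Added example: host-key fingerprint and first-use check; not course code.
import base64
import hashlib
import struct

def ssh_string(b):
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def mpint(n):
    """SSH mpint for a positive integer (extra zero byte if the top bit is set)."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def rsa_host_key_line(e, n):
    """Build an OpenSSH-style 'ssh-rsa <base64>' line from constructed numbers."""
    blob = ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode()

def fingerprint(key_line):
    """MD5 of the decoded public key blob as colon-separated hex."""
    blob = base64.b64decode(key_line.split()[1])
    h = hashlib.md5(blob).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, 32, 2))

def check_host(known_hosts, host, key_line):
    """Return 'new', 'match' or 'CHANGED'; record the key on first contact."""
    fp = fingerprint(key_line)
    if host not in known_hosts:
        known_hosts[host] = fp   # initial exposure: accepted unverified
        return "new"
    return "match" if known_hosts[host] == fp else "CHANGED"

def demo():
    """Walk one constructed host through first use, reuse and a key change."""
    good = rsa_host_key_line(65537, (2**127 - 1) * (2**521 - 1))
    other = rsa_host_key_line(65537, (2**89 - 1) * (2**607 - 1))
    known = {}
    return [check_host(known, "host.example", k) for k in (good, good, other)]

if __name__ == "__main__":
    print(demo())
```

Comparing `fingerprint()` output against a value written down in advance is the card check the slide describes; a "CHANGED" result is the case where you should be suspicious.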


CU-Boulder CSCI 6268 - Lecture #13
